This article explores Volume 3 of a four-part report series. Read the first and second articles.
Forty seconds after its maiden launch, the Ariane 5 rocket, a major European launch rocket, catastrophically failed and exploded in the sky. The cause wasn't an engine malfunction or a structural failure; it was a software bug. A data overflow error, inherited from a reused piece of code, went undetected during testing and caused the rocket’s guidance system to fail. The bug that caused the crash would have been caught before launch if the testing process had included simulations for the new flight parameters; a test with a proper assertion could have flagged the error on the ground.
While few software failures are as spectacular as a rocket explosion, this infamous example highlights a crucial truth: small weaknesses in code and process can lead to devastating consequences. These issues contribute to the staggering annual cost of poor software quality in the U.S., which has climbed to over $2.41 trillion. Much of this cost stems from the daily friction and hidden risks within code that is difficult to understand, modify, and maintain.
But what do these issues look like in the code being written today?
Find out in the third installment of The State of Code report series, focusing on highlighting the common maintainability challenges we found across global codebases. Following our deep dives on reliability and security, this report unpacks the most common "code smells"—weaknesses in design that slow down development, increase technical debt, and elevate the risk of future bugs and failures.
Our findings are drawn from an analysis of Sonar's massive dataset from the last six months of 2024, which includes:
- More than 7.9 billion lines of code
- Contributions from over 970,000 developers across more than 40,000 organizations
- Analysis of Java, JavaScript, TypeScript, Python, C#, C++, and PHP
The analysis was revealing. On average, for every million lines of code, Sonar found approximately 53,000 maintainability issues. That translates to about 72 code smells caught per developer per month, representing a silent but significant drain on team efficiency. Below we highlight some of the most frequent problems we uncovered.
1. Improper JavaScript variable declarations
The most frequently found code smell relates to how variables are declared in JavaScript. Specifically, it’s the use of the legacy keyword var instead of the modern, more precise let or const.
- Why it's a problem: For developers, this creates frustrating debugging sessions spent hunting down why a variable has an unexpected value. For development managers, this translates directly to lost productivity and increased technical debt. The time teams spend chasing these hard-to-find bugs is time not spent on innovation.
- How to fix it: Modern JavaScript introduced let and const to give variables stricter, block-level scope and prevent accidental reassignment. SonarQube helps enforce these modern standards by automatically detecting the use of var and providing real-time feedback within the developer's IDE. This ensures code is more predictable and easier to maintain.
2. Tests that don't test anything
The most common "blocker" maintainability issue found by our analysis involves unit tests that lack assertions. An assertion is the part of a test that actually verifies if the code produced the correct outcome. Without it, a test only confirms that the code ran without crashing.
- Why it's a problem: These tests provide no real value while inflating test coverage statistics, which can mislead developers about the true health of a project. When a regression inevitably occurs, the team is caught by surprise because their tests failed to catch it. This erodes confidence in the testing process and makes it harder to assess true code quality.
- How to fix it: A good test must verify a specific, expected outcome. SonarQube enforces this by flagging tests without assertions as a blocker issue that should be addressed immediately. This ensures that tests are meaningful and that test coverage metrics accurately reflect how well the code's behavior is actually being validated.
Conclusion: Building a foundation for the future
Addressing maintainability is crucial for the long-term health of any software project. It directly impacts developer productivity, reduces the risk of future bugs, and lowers the total cost of ownership. As AI coding assistants generate more code than ever, ensuring the quality of the human-written code they learn from is paramount.
This report offers a first step toward understanding the most common maintainability issues affecting development teams today. By catching these problems early, teams can build a more stable, resilient, and secure foundation for the future.
These findings are just the beginning. Download The State of Code: Maintainability report to see:
- The top five maintainability issues we found in nearly 8 billion lines of code
- The most common blocker maintainability issue found by SonarQube
- Actionable solutions to help you eliminate these issues
Stay tuned for the next report in our series, where we’ll explore language-specific challenges impacting codebases globally.